Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.2203
IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products
19 September 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco IOS
Cisco IOS XE
Cisco IOS XR
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
Resolution: Mitigation
CVE Names: CVE-2016-6415
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
Comment: There is proof of concept code publicly available.
Cisco will be releasing patches.
Administrators are advised to implement an intrusion prevention
system (IPS) or intrusion detection system (IDS) to help detect and
prevent attacks that attempt to exploit this vulnerability.
Administrators are advised to monitor affected systems.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products
Advisory ID: cisco-sa-20160916-ikev1
Revision 1.0
For Public Release 2016 September 16 16:00 GMT
Summary
=======
A vulnerability in IKEv1 packet processing code in Cisco IOS, Cisco IOS XE and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
- -----BEGIN PGP SIGNATURE-----
iQIVAwUBV9xaxa89gD3EAJB5AQLT6BAA0Wu+va2D7PlcKnpHHrmYwCwdeHZr6S9h
+VTOhzWh7JC1jvGWUcz1mW3IOptKvN7Wb4GY+nI8YVgXS/cd4Bo8FSwOla5MFS0J
Y4LKo+kdEtrOuiXNiqMAdoExUXtCHYm08L8WbLS/ES5UEoTB5hO9EO8HA1wRQ/Yi
+/6pJGmseqgINIaX2eeqi7jjRB+47lbUoS/rlWAAuzskmK76MOOLmMYosNWqIvbV
Ja1f9/wr0rO9OCBuBbZsPfs9YH2sRF+q5uzxnt4bJMBN1smY/ow9dB59tV6caNff
xM2CQUhB6/0EyszMRvjANt06g49nOl8hixJOzDz+TaJ2xOR//K5M8dhqguQ8J42j
cK0s4ayey0ks/qOdxsK34q4Q7OuSmWrJJIAymypgJEVZ/VWK54kJIU+OOfMvNqvC
cOPUfE+kjr0SHqHMJ5aNJwU3W/owCTftj5QDRinuoe0EZ/iWE45d1JMZJAQpJsTU
5XDY/QrZiu9+Drj8RsgWeoiEtpO9Wep0cIAXoOFwXE9kUGuw6yngv1H1q2BF599N
kHa+5A8ULySwKWwFUa4/XGvMITAQXOLIdUFDGRfMozegFPOtDj82cepPt7yIxfPG
fGKwnvi5wPT/b9JoMRIbmahNHHIKJbe6Z+J4+i7eK3Fl6Syr9HtptZIBta3lCX8Q
UAD0xvStymY=
=s4x7
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBV990Eox+lLeg9Ub1AQjrYA//TUkPUo6DAt6m4kUv0nJtGenEHolPHLsf
pwdShcKb8sS/F8OkRTrP7wp4dBEJihAcbtThxIlchJePjnkUSN/aEKiXFosl8IMi
HD3P3z0dHwiUmC1ctszNDvFPz19pJ+pajOqMZuwQwcPYPr/rRn0xXE5rIB3iefMw
vTdLB7gUozQBc1K2wX7FHQj4rXu3o/G+BCvQAzw5uuYDgVuX7/KpRcg7BVwcWFJK
ggcnm9X9sY0gMKDEtyfCVLG9XIPk2tyBjAZA3u0pP7w6krj7jQZMV6N56+nu+0ML
7jNMNv7dNI04zoCvCJQLqDX3p+uJDIsDaC2bb3gB6Z6W1bYdZ93T1kArTDy52raD
BjpRsCKiwuOw5YoPooRbKuHb1f8NPl0yQHCs4OFMLPUZWEQopcWiupeTs28+aCeh
VXGOJEXx8r6hnc6tPucebQEcaPi5R7FslbAZUUOl8MjBxtxGN41ecPPQuH0/U2Ea
pmAqRFHRB5GG2ETfZ+UzsLa+u8gusMgNJahjoMjAL/9ZOHf1V+e1gkVsz/GjgrFf
ieAKtXq0Iv4DZ5K44BXYg8VUVSiUgfQ/OGP5oiNYh7gHOtnaLZfqiKnZpI1fe5qy
PLrwtWHydkO+7Q1CDgLBX2JHqfNcaLcrfRAReFue8AOhpAInSu3XLHKaulLaDjRT
Bbt0MJ7ViPE=
=eqky
-----END PGP SIGNATURE-----